Remote VPN DNS issue

We have a main office and several small offices that connect back to it via site-to-site VPNs. DNS is handled by our SBS server in the main office, which is where all the other domain resources are.

Back at the SOHO, the local router hands out the IP settings via DHCP. The primary DNS is the one at the main office, then the local ISP DNS is secondary and tertiary, in case there's a problem with the VPN.

Well, often there is a "no host found" when trying to ping via hostname or FQDN, but via IP it works fine. ipconfig /all shows the office's DNS, so I cannot figure out where to go from there.

The issue is sporadic. One user will have connectivity. Others don't. Then only one user won't be connected while 3-4 are... I don't get it.

Finally, these are SonicWall routers in the field connected to a Cisco ASA 5500 in the main office.

Yes, a power anomaly could do this if the network equipment or the server is not backed up by a UPS unit. If you are having many power outages or anomalies, buy a UPS for the NCPI (Network-Critical Physical Infrastructure). The server should already have this as a best practice. So if each firewall has this, it will not occur in the future.

Also, what type of error message are the other users getting when they cannot connect?

The SOHOs do not have UPSes on them. But power outages are rarely the problem. What has happened in the past is that sometimes the VPN would go down, usually because interesting traffic wasn't being generated (weekends when no one was there).

So, is it best practice to provide only internal DNS servers to client devices? If the VPN goes down, they can't get to the internet -- and I can't remotely get to them then... Not good.

How can I prove what DNS server is being used to resolve DNS queries? I would hate to disable the secondary and tertiary DNS without that issue being solved.
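One way to answer the "which DNS server is actually answering" question from a remote workstation, as an added example that is not part of the thread: query every DNS server the adapters are configured with, one at a time, for an internal AD name and for a public name, and record the result and response time of each. It assumes a Windows 8 / Server 2012 or newer client (Resolve-DnsName and Get-DnsClientServerAddress); the host names below are placeholders. A packet capture on UDP/53 remains the definitive proof, but this gives the same picture without extra tools.

```powershell
# Added example, not from the original thread. Queries each configured DNS
# server directly so you can see which one answers an internal name, how fast,
# and whether the ISP resolver returns a name error for it.
# Assumes Windows 8 / Server 2012 or newer.

$InternalName = 'sbs.corp.example'   # assumption: an internal AD host name
$PublicName   = 'www.example.com'    # assumption: any public name the ISP server must answer

# Collect the IPv4 DNS servers on every adapter (the list ipconfig /all shows)
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        foreach ($s in $_.ServerAddresses) {
            [pscustomobject]@{ Interface = $_.InterfaceAlias; Server = $s }
        }
    }

function Test-OneResolver {
    param([string]$Server, [string]$Name)
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        # -DnsOnly and -NoHostsFile force a real query to exactly this server,
        # bypassing the client cache and the hosts file.
        $r = Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -NoHostsFile -ErrorAction Stop
        $sw.Stop()
        [pscustomobject]@{
            Server = $Server; Name = $Name; Result = 'OK'
            Answer = ($r | Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress) -join ','
            Ms     = $sw.ElapsedMilliseconds
        }
    } catch {
        $sw.Stop()
        # A fast "DNS name does not exist" from the ISP server for the internal
        # name is the failure mode the thread is about.
        [pscustomobject]@{
            Server = $Server; Name = $Name; Result = 'FAIL'
            Answer = $_.Exception.Message
            Ms     = $sw.ElapsedMilliseconds
        }
    }
}

$results = foreach ($entry in $servers) {
    foreach ($n in @($InternalName, $PublicName)) {
        Test-OneResolver -Server $entry.Server -Name $n
    }
}

# Fastest responder per name first: that is the answer the client is most
# likely to accept. If the ISP server is fastest and says FAIL for the
# internal name, you have reproduced "no host found" with the VPN up.
$results | Sort-Object Name, Ms | Format-Table Name, Server, Result, Ms, Answer -AutoSize
```

Run it on a workstation that is showing the symptom and on one that is not; the timing column usually explains the difference, since the site whose VPN hop is slower will see the ISP server win the race more often.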

I agree, it is a very common problem. The remote users must use ONLY the SBS for DNS. Using an ISP, even as an alternate, can result in slow logon and many name resolution issues. Often the ISP responds faster than the remote site and thus hangs until a time out. The only way to properly address dropped VPN connections is to add a local AD integrated DNS server.

I posted the possible solutions to management, and they said they wanted a new router capable of doing the split DNS. I don't know how to do that for starters, but I really can't leave them isolated if the VPN tunnel goes down.

Split DNS router? You really need to add a basic Active Directory Integrated DNS server if it is a concern. This can be a read-only DNS server, and on PC hardware, but it needs to be a Windows Server OS, 2003 or newer.

I always ask why Internet is so important. If company files and e-mail are on the remote server, other than Facebook, what is so important on the Internet? Most often the loss of connection is due to an ISP, not the VPN, so you would lose Internet in any case.
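The "split DNS" the asker's management has in mind can also be done on the client rather than on a router, as an added example that is not from the thread: a Name Resolution Policy Table (NRPT) rule sends only the AD suffix to the SBS server, while every other name goes to whatever DNS the router hands out. It assumes Windows 8 / Server 2012 or newer clients (older XP/2003-era clients have no NRPT); the suffix and address are placeholders.

```powershell
# Added example, not from the original thread. Client-side split DNS with an
# NRPT rule: names under the AD suffix go only to the SBS server over the VPN,
# everything else keeps using the adapter's (ISP) DNS servers.
# Assumes Windows 8 / Server 2012 or newer; run elevated.

$AdSuffix = '.corp.example'   # assumption: the AD DNS zone; the leading dot covers the whole namespace
$SbsDns   = '10.10.0.5'       # assumption: SBS server address at the main office
$RuleTag  = 'corp-split-dns'  # comment used to find and replace this rule on re-runs

# Remove any earlier copy of the rule so the script is safe to run again.
Get-DnsClientNrptRule | Where-Object { $_.Comment -eq $RuleTag } | ForEach-Object {
    Remove-DnsClientNrptRule -Name $_.Name -Force
}

# The NRPT rule takes precedence over the adapter's DNS server list for this
# namespace, so the ISP resolver never sees the internal name.
Add-DnsClientNrptRule -Namespace $AdSuffix -NameServers $SbsDns -Comment $RuleTag

# Verify the rule and exercise both paths.
Get-DnsClientNrptRule | Where-Object { $_.Comment -eq $RuleTag } | Format-List Namespace, NameServers
Resolve-DnsName -Name "sbs$AdSuffix" -Type A -ErrorAction SilentlyContinue    # internal name -> SBS via NRPT
Resolve-DnsName -Name 'www.example.com' -Type A -ErrorAction SilentlyContinue # public name -> adapter DNS (ISP)

# Caveat: with the VPN down, internal names now fail quickly instead of being
# answered wrongly by the ISP server, but they still fail. Only a local DNS
# server, as recommended in the thread, keeps AD name resolution working offline.
```

This keeps Internet access (and the software VPN fallback) working when the tunnel drops, which is the asker's concern, without feeding internal lookups to the ISP resolver when the tunnel is up.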

Yeah... well, we've had VPN issues. I think it's solid now, but with the internet up, we can use a software VPN (Microsoft) to connect. And, if they can't get to the internet, I can't fix their problem because I work remotely. I can propose the local DNS server as well, but I'm not sure that extra expense will fly.

The problem is that DNS in Windows does not work as one would expect. Rather than using the primary DNS and, when it fails, moving to the secondary, a DNS lookup is sent to all DNS servers; the first one to respond is the one with which Windows will negotiate. Of course, most of the time the ISP's DNS will respond faster than the remote site's DNS server, will not be able to do a DNS lookup for an internal DNS name, will fail, and will cause connection issues.

The only solution is a local DNS server which replicates with the remote site.

If, in the event of a failure, you are using a VPN client, you can still do so if you use the IP rather than a DNS name. I would suggest resolving the VPN stability issues or, as mentioned, a local DNS server is the best solution. Unfortunately, uptime is proportionate to cost.

So far, so good. The site I was working on was having spotty internet problems, so I hope all is well. Thanks for the great ideas. I was always taught that DNS goes to the primary, then if not available goes to the secondary, etc. I learned something.
